Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:14 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Tue Dec 23, 2014 4:14 pm 
Offline

Joined: Tue Dec 23, 2014 3:53 pm
Posts: 1
Hi.

I wish to use the Yubikey to keep my company's most important clients safe (executives, those who travel alot, etc). I was thinking something along this way:

A locally non-administrative account to log in with (domain account). When there is a need for elevated permissions the user must use a local user in the local administrators group that has a static long password saved on the Yubikey. First I thought this was an OK idea until I realize that if the Yubikey is left in the computer all it takes is for an attacker is to know the user name of the local administrator account...

Any tips from all of you Yubikey experts in the forum? The most important part is that the user must use a non-adminstrative account for the daily work but have the possibility to install programs as admin without needing to remember a long password.

Thank you in advance!
/Dean Y


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Dec 23, 2014 4:55 pm 
Offline

Joined: Wed Nov 19, 2014 12:11 am
Posts: 31
If you have a Windows domain, I would issue logon certificates and store the user certificate in slot 9A of the PIV applet on a Yubikey NEO. To log on, the user inserts their NEO and enters the PIV PIN.


Static passwords are of limited use - all it takes is to open a text editor, press the button and you have a copy of the password. If you must use a static password (for example for a disk encryption password), the recommendation is that you store only part of the passwords in the Yubikey and type the rest.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group